Hi Kory,

On Wed, 14 Jan 2026 at 17:16, Kory Maincent <[email protected]> wrote:
>
> On Wed, 14 Jan 2026 15:54:07 +0200
> Ilias Apalodimas <[email protected]> wrote:
>
> > Hi Kory,
> >
> > On Wed, 14 Jan 2026 at 11:59, Kory Maincent <[email protected]>
> > wrote:
> > >
> > > When boot_idx differs from active_idx at boot time, it indicates a
> > > rollback scenario where the firmware update failed and the system
> > > reverted to the previous working bank. In this case, mark the failed
> > > bank (active_idx) as invalid to prevent future boot attempts from that
> > > bank.
> > >
> > > This change adds a new fwu_invalid_bank() function that sets the bank
> > > state to FWU_BANK_INVALID and syncs the metadata. This is only
> > > supported in FWU metadata version 2; version 1 provides a no-op stub.
> > >
> > > Without this change, a failed bank would remain in a valid state and
> > > could potentially be selected for boot again, leading to repeated
> > > boot failures.
> >
> > How? Doesn't the code already switch the metadata to point to the
> > 'boot_idx' bank as active?
> > What could happen here I guess, is the selected active bank to go bad
> > somehow and the firmware would try the secondary bank, which contains
> > an invalid firmware. But in that case the board will fail to boot
> > regardless. Is there a corner case I am missing?
>
> I think I have faced a corner case, but I can't recall what it was. :/

I think this patch has value if you have 3 banks. In that case, you
won't have to try and boot the invalid one, before booting a correct
one.

> Anyway we should change the bank state to invalid if we don't manage to boot
> one bank right. We should provide to the user the information that one bank is
> in an invalid state if that is the case. What do you think?

Yes. The invalid state is already described in the spec so I think this
is fine.
However, instead of adding a new function to invalidate the state,
can't we tweak fwu_bank_state_update() instead? Instead of a boolean
for trial state, pass the actual state and update it while keeping
the same checks.

Regards
/Ilias

>
> Regards,
> --
> Köry Maincent, Bootlin
> Embedded Linux and kernel engineering
> https://bootlin.com
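
A toy model of the three-bank case raised in this message, added here as an illustration and not taken from U-Boot or from the patch under review. The struct, the function names, the enum values and the fallback policy (walk the banks in order from active_idx, skipping invalid ones) are all assumptions made for the example.

```c
#include <stdio.h>
#define NBANKS 3
/* Model values only, not the encoding used by the FWU metadata spec. */
enum bank_state { BANK_INVALID, BANK_VALID, BANK_ACCEPTED };

struct fwu_model {
    unsigned int active_idx;           /* bank the metadata says to boot */
    enum bank_state state[NBANKS];
};

/* boot_idx != active_idx: the platform rolled back from active_idx. */
static void model_boot_check(struct fwu_model *m, unsigned int boot_idx,
                             int invalidate_failed)
{
    if (boot_idx >= NBANKS || m->active_idx >= NBANKS ||
        boot_idx == m->active_idx)
        return;
    if (invalidate_failed)
        m->state[m->active_idx] = BANK_INVALID;
    m->active_idx = boot_idx;          /* metadata follows the booted bank */
}

/* Assumed policy: walk banks from active_idx, skip INVALID ones.
 * Returns failed boot attempts before a good boot, -1 if none boots. */
static int model_failed_attempts(const struct fwu_model *m, const int *boots)
{
    int failed = 0;
    for (unsigned int i = 0; i < NBANKS; i++) {
        unsigned int b = (m->active_idx + i) % NBANKS;
        if (m->state[b] == BANK_INVALID)
            continue;
        if (boots[b])
            return failed;
        failed++;
    }
    return -1;
}

/* Constructed case: update to bank 1 failed, platform fell back to bank 0,
 * then bank 0 goes bad as well; only bank 2 still boots. */
int scenario(int invalidate_failed)
{
    struct fwu_model m = { 1, { BANK_ACCEPTED, BANK_VALID, BANK_ACCEPTED } };
    const int boots[NBANKS] = { 0, 0, 1 };
    model_boot_check(&m, 0, invalidate_failed);
    return model_failed_attempts(&m, boots);
}

int main(void)
{
    printf("failed attempts: %d without invalidation, %d with\n",
           scenario(0), scenario(1));
    return 0;
}
```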

